http://www.elcomsoft.com - PowerPoint PPT Presentation

About This Presentation
Title:

http://www.elcomsoft.com

Description:

Signed certificate with Publisher's RSA Public key ... Use this certificate to Reader-certify any plug-in. Only certified plug-ins will be loaded by Acrobat Reader ... – PowerPoint PPT presentation

Number of Views:52
Avg rating:3.0/5.0
Slides: 21
Provided by: andyma8
Learn more at: http://www.cs.cmu.edu
Category:
Tags: com | elcomsoft | http | www

less

Transcript and Presenter's Notes

Title: http://www.elcomsoft.com


1
Presentation on on DEF CON Nine, July 13th -
15th, 2001 Alexis Park in Las Vegas, Nevada USA
eBooks security - theory and practice
http//www.elcomsoft.com
2
eBooks security - theory and practice
1. Foreword
2. PDF encryption
3. Standard security handler
4. Rot13 handler
5. FileOpen handler
6. SoftLock handler
7. Adobe Web Buy handler (PDF Merchant)
8. Acrobat eBook Reader EBX handler (formerly
GlassBook)
9. Arbitrary handler (obtaining encryption key
from PDF viewer)
10. Security flaw in Acrobat plug-ins
certification
http//www.elcomsoft.com
3
Electronic Publishing
  • Advantages
  • Lower overhead publication and distribution cost
  • Ability of instant worldwide distribution over
    the internet
  • Many books in little physical volume
  • Ability to search, highlight, underline, add
    annotations, bookmarks
  • Hyperlinks
  • Disadvantages
  • Formats incompatibility
  • Information in electronic form could be
    duplicated and transmitted, and there is no
    reliable way to take control over that processes.

http//www.elcomsoft.com
4
Electronic Publishing/Reading Solutions
  • Dedicated reading devices
  • RocketBook
  • eBookMan Reader
  • Software eBook leaders
  • Adobe Acrobat PDF
  • Microsoft Reader LIT
  • Software eBook Compilers/Readers
  • Activ E-Book
  • E-Publisher Gold
  • eBook Pro Compiler
  • HTML2EXE
  • E-Book Publishing Wizard
  • eBook Generator
  • Infinite Press Publisher
  • WinEbook
  • ...

Related Internet resources http//www.ebookcompil
ers.com/
http//www.elcomsoft.com
5
eBook Pro compiler
Short description (taken from www.ebookpro.com) "
eBook Pro", the only software in the universe
that makes your information virtually 100
burglarproof! It comes with a lifetime,
money-back guarantee "At Last, You Can Sell
Information Online (And Make Thousands Of Sales
Per Day) - Without The Danger Of Having Your
Information Stolen And Resold By Others
Actual features All HTML pages and supplementary
files are compressed with deflate algorithm from
ZLIB Compressed data are encrypted by XOR-ing
each byte with every byte of the string
encrypted, which is the same as XOR with
constant byte
Related Internet resources http//www.ebookpro.co
m/
http//www.elcomsoft.com
6
PDF file structure
ltPDF filegt ltheadergt ltbodygt ltcross-reference
tablegt lttrailergt ltbodygt ltobjectgt
ltobjectgt ltobjectgt ltobjectIDgt (ltdatagt
ltstream dictionarygt ltstreamgt)
Basic data types Example Boolean true Numeric
3.1415926 Object reference 23 0
R Name /ProcSet String (Contents) Stream
binary data - data could be encrypted
Complex data types Example Array 23 0 R /XYZ
null Dictionary ltlt/Name1 (Val1) /Name2 /Val2gtgt
Related Internet resources http//www.adobe.com/p
roducts/acrobat/adobepdf.html
http//www.elcomsoft.com
7
PDF file encryption
PDF Document ltEncrypted Contentgt ltltEncryption
Dictionarygtgt Contains security handler name and
supplementary information necessary to obtain
encryption key
Security handler Takes information from
Encryption Dictionary, calculates document
encryption key and passes it to PDF Viewer
PDF Viewer Takes document encryption key,
decrypts PDF document and display it on the screen
Screen
Related Internet resources http//www.adobe.com/p
roducts/acrobat/adobepdf.html
http//www.elcomsoft.com
8
Object encryption key calculation
Algorithm ver.1,2
MD5 HASH algorithm
Document encryption key
Object encryption key
Object ID Generation
MD5 HASH algorithm
Document encryption key
Algorithm ver.3
ScrambledObject ID Generation
Object encryption key
sAlT string
Related Internet resources http//www.adobe.com/p
roducts/acrobat/adobepdf.html
http//www.elcomsoft.com
9
Standard security handler
  • Two passwords are supported
  • User (open) password to open the document (with
    some restriction)
  • Owner (security) password to change security
    settings
  • Knowing either password is sufficient to decrypt
    the document

Possible restrictions, when opened with User
password
  • Modifying the documents contents
  • Copying text and graphics from the document
  • Adding or modifying text annotations and
    interactive form fields
  • Printing the document

New User password restriction, introduced in
Acrobat 5
  • Form fill-in and sign document
  • Text inspection and accessibility
  • Page insertion, rotation,and deletion. Creation
    of bookmarks and thumbnails
  • Low-quality printing only

Related Internet resources http//www.adobe.com/p
roducts/acrobat/adobepdf.html
http//www.elcomsoft.com
10
Standard security handler
Passwords per second on 450MHz Pentium III
Handler type \ Password type User Owner
Standard security handler 2 190,0001?MD5 1?RC4 100,0002?MD5 2?RC4
Standard security handler 3 3,25051?MD5 20?RC4 1,610102?MD5 40?RC4
Time necessary for complete key enumeration (40
bits key) on PIII-450
PCs \ total HDD 0 GB 128 GB 256 GB 384 GB 512 GB
1 960 hr 480 hr 240 hr 120 hr 60 hr
2 480 hr 240 hr 120 hr 60 hr 30 hr
3 320 hr 160 hr 80 hr 40 hr 20 hr
4 240 hr 120 hr 60 hr 30 hr 15 hr
Related Internet resources http//www.elcomsoft.c
om/apdfpr.html
http//www.elcomsoft.com
11
Rot13 security handler
  • Short description
  • Used by New Paradigm Resource Group
    (www.nprg.com)
  • Protected documents costs about 3000 per copy
  • Requires hardware dongle to operate
  • Actual features
  • Clone of the Rot13 sample plug-in, which
    supplied with Acrobat 4 SDK
  • Uses fixed encryption key for all documents
  • Key could be easily found as text string in the
    body of plug-in

Related Internet resources http//www.nprg.com/
http//www.elcomsoft.com
12
FileOpen security handler
  • Short description (taken from www.fileopen.com)
  • Developed by FileOpen Systems
  • Supports pass-along prevention, document
    expiration, and controlled printing
  • Adobe Selects FileOpen to Be An Acrobat 5
    Security Partner
  • Publishers license costs 2500
  • FileOpen and Acrobat 5.0 provide a complete,
    secure e-publishing solution
  • Actual features
  • FileOpen Publisher 2.3 encrypts ALL documents
    with one fixed key
  • FileOpen Publisher 2.4 uses variant keys, but
    encrypted document itself contains all necessary
    information to instantly calculate encryption key

Related Internet resources http//www.fileopen.co
m/
http//www.elcomsoft.com
13
SoftLock security handler
  • Short description
  • Developed by SoftLock Services, Inc.
    (www.softlock.com)
  • Calculates unique SoftlockID Number based on HDD
    volume ID
  • Requires password which matches SoftlockID to
    open the document
  • Password is used in document key calculation
  • Actual features
  • Unlocking password is exactly 8 characters
  • Each character converted to one hexadecimal digit
  • Two characters are used for integrity checking
  • Effective password length is only 24 bits
  • Correct password could be found by calling not
    optimized checking routine in 30 hours on 450 MHz
    CPU

Related Internet resources http//www.softlock.co
m/
http//www.elcomsoft.com
14
Adobe WebBuy (PDF Merchant)
  • Short description
  • License (.RMF file) is required to open the
    document
  • License consist of
  • Signed certificate with Publishers RSA Public
    key
  • One or more pairs of some ID (like CPU ID, USER
    ID, UTC, ) and encrypted document key,
    associated with that ID. Different pairs are
    combined with AND and OR operators
  • Document permissions
  • Data to check license validity
  • Two RSA Public keys owned by Adobe (1024 bit and
    912 bit in length) are involved in license
    verification and document key calculation
  • It is impossible to generate valid certificate
    without having access to RSA Private keys, owned
    by Adobe
  • It is possible to calculate document key and
    decrypt the document if both PDF and matching RMF
    file are available

Related Internet resources http//pdfmerchant.ado
be.com/
http//www.elcomsoft.com
15
Adobes Acrobat eBookReader (formerly GlassBook)
  • Short description
  • Implements Electronic Book Exchange (EBX)
    protocol
  • RSA keys pair is generated during activation
  • Public key is registered on content server, while
    Private is retained by Reader
  • Document key encrypted by Public key and stored
    in Voucher
  • Voucher contains information about document
    permissions, expiration,
  • Voucher is signed with HMAC protocol
  • Brief analysis
  • Voucher could not be falsified without knowing
    the Document key
  • Document key could not be calculated without
    knowing the Private key
  • Private key is stored somewhere on local computer
  • After obtaining the Document key it is very easy
    to create Voucher with any permissions and for
    any computer

Related Internet resources http//www.ebxwg.org/
http//www.adobe.com/products/contentserver/main.h
tml
http//www.elcomsoft.com
16
Adobes Acrobat eBookReader (formerly GlassBook)
Interim key calculationfrom hidden copy
Interim key calculationfrom hardware IDs
son.dat file
RC5Decrypt
Interimkey
Fixedkey
Interimkey
CPU IDVolume ID
SHA1
Document key calculation
mor.dat file
Voucher
RC5Decrypt
RSADecrypt
PrivateRSA key
Documentkey
Interimkey
Related Internet resources http//www.adobe.com/p
roducts/contentserver/main.html
http//www.elcomsoft.com
17
Object encryption key calculation
Algorithm ver.1,2
MD5 HASH algorithm
Document encryption key
Object encryption key
Object ID Generation
MD5 HASH algorithm
Document encryption key
Algorithm ver.3
ScrambledObject ID Generation
Object encryption key
sAlT string
Related Internet resources http//www.adobe.com/p
roducts/acrobat/adobepdf.html
http//www.elcomsoft.com
18
Obtaining encryption key from PDF viewer
Anti reverse-engineering measures in PDF viewers
Application name Code encryption Debugger detection Code integrity checking
Acrobat 4 No No No
Acrobat 5 No In DocBox plug-in No
eBook Reader PACE InterLok PACE InterLok No
How to find code of MD5 functions
  • MD5_Update function resides not far from MD5_Init
    function, which uses constants 0x67452301,
    0xEFCDAB89, 0x98BADCFE and 0x10325476
  • MD5_Update often called just after call to
    MD5_Init function
  • MD5_Update or some function called from
    MD5_Update uses 64 constants defined in MD5
    specification

http//www.elcomsoft.com
19
Security flaw Acrobat plug-ins certification
mechanism
Why to certify plug-in
  • Only certified plug-ins will be loaded by Acrobat
    Reader
  • In some cases (e.g. when opening document
    protected with WebBuy or DocBox) only plug-ins
    certified by Adobe are permitted to be loaded

How to certify plug-in
  • Sign Reader Integration Key License Agreement
    with Adobe
  • Pay 100 to obtain Reader Certification digital
    certificate from Adobe
  • Use this certificate to Reader-certify any plug-in

How certificate validity is checked
  • Only data from PE Header is used for checking

How to bypass plug-ins certificate checking
  • Modify code of any plug-in certified by Adobe to
    load non-certified plug-in and pass control to
    it. Take care to not modify data in PE header

http//www.elcomsoft.com
20
Presentation on on DEF CON Nine, July 13th -
15th, 2001 Alexis Park in Las Vegas, Nevada USA
eBooks security - theory and practice
http//www.elcomsoft.com
Write a Comment
User Comments (0)
About PowerShow.com